Plenty of surveys state that employees are responsible for approximately 80% of data breaches in the workplace. In fact, it only takes a single ignorant or careless employee to introduce malware onto the office network. For example, an employee opens an infected email message on a computer connected to the office network and unknowingly unleashes malware onto the entire network. So how do you prevent this from happening in your own office?
Make Sure to Educate All Your Employees Properly
Ensure that your employees know that data breaches or leaks could lead to financial, legal, and criminal consequences. Work with network security companies to conduct unannounced checks to determine whether an employee is doing something that could compromise company data, like not logging off when they aren’t using their computer. Make sure that your employees know how critical security is to the entire company. Urge them to report any suspicious behaviour they see from other staff.
Conduct a Phishing Simulation
Once you’ve educated your employees on proper security measures, it’s a good idea to test their knowledge by having them undergo a phishing simulation test to see if they apply what they’ve learned. If an employee clicks on the link, the landing page will inform them that they have just fallen prey to phishing. Make sure to include information about security awareness and to tell them what they should have done and why what they did was wrong. When creating the phishing simulation test, make sure that the email messages contain a clue or two that they come from a dubious source, like misspelt words or sketchy wording.
Do Impromptu Pop Quizzes
Send these quizzes to all employees, including those who have failed your phishing simulation test, to see if they have learned their lesson. When giving out the quizzes, send them at different times and on different days so that your employees won’t see them coming. Likewise, make certain to vary the nature of the quizzes. You can also work with a security professional who will pose as a suspicious person trying to obtain sensitive data about your company in person or on the phone. This is a very important test to help you determine which employees are vulnerable to security threats and require additional security awareness training.
Keep the Quizzes Coming
Don’t just stop at 10 or so quizzes; send out security quizzes all year round to really determine whether your employees are applying their security knowledge. Keep in mind, though, that these quizzes are mainly there to educate your employees, not to make them feel ignorant or bad if they fail the test. Just make sure to send out a list of the things they missed, along with the correct answers to the quiz questions. In addition, review that list from time to time to see if you need to revise or update anything.
Keep in mind that security awareness should be an ongoing and never-ending effort, but keep it interesting and fun. It’s also a great idea to acknowledge employees who have repeatedly aced your tests so that they know you appreciate their efforts.